Bitcoin exchanges buckle under strain of phantom transactions

Mt. Gox, Bitstamp, and other Bitcoin exchanges have temporarily suspended withdrawals after coming under a form of denial-of-service attack that abuses weaknesses in the way they keep track of fund balances, a security expert said.

The attacks don't have any permanent effect on the central accounting mechanism for the digital currency, but they are likely the driving force behind a sharp decline in the bitcoin-to-dollar exchange rate over the past 48 hours. Since the attacks began on Monday, the price of one bitcoin on Mt. Gox has fallen from just below $700 to well below $540 at one point. It has see-sawed ever since and was at about $580 as this report was being prepared. Other exchanges showed similar fluctuations.

Andreas M. Antonopoulos, chief security officer of digital wallet developer Blockchain, said the attacks work by flooding exchanges with large numbers of malformed transactions that are similar, but not identical, to legitimate transactions already made: the same funds are spent, but under a different transaction identifier. Exchanges that trust one or more of the fake records instead of the entries in the official Bitcoin blockchain quickly fall out of sync with the rest of the network and must recalculate their fund balances once the mistakes become apparent. Malformed transactions aren't new, but over the past 48 hours their numbers have mushroomed, causing logjams that have prevented some exchanges from processing withdrawal requests.

"What makes it major is that malformed transactions are being injected at a far greater rate than we've ever seen before," Antonopoulos told Ars. "Whereas before this was a few transactions affecting Mt. Gox, now it's a lot of transactions affecting everyone."

Phantoms go viral

Antonopoulos likened the fake transactions attack to a crook photocopying a cash register receipt and using the duplicates to obtain store refunds for a previously purchased item. When only a few people carry out the scam, it's not likely to have any noticeable effect. If it's repeated often enough, however, it's bound to create a strain on the retailer's internal accounting system that takes time to reconcile.

"Whereas yesterday people were showing up at one store with these receipts, suddenly today it went viral," Antonopoulos explained. "And it's effectively like every retail store in the country is having lines of people showing up with photocopied receipts and [the stores] all have to think very carefully about how they're managing their refunds. And so they all say, 'Hang on—we're not going to process refunds for a day until we figure out what's going on here.'"

The attacks work because some exchanges rely on unconfirmed transaction records when adjusting balances or other items on their account ledgers. In Bitcoin, a transaction's identifier is a hash over the whole serialized transaction, signature included, so a relaying party can re-encode the signature without invalidating it and put the same spend on the network under a different identifier. An exchange that keys its ledger on a record with such a falsified hash or identifier will encounter discrepancies once the legitimate transaction, or another malformed record for the same transaction, is processed. There's little risk of funds being permanently lost, since balances will eventually be automatically reset based on the records in the authoritative Bitcoin blockchain. Still, in the interim, the flood of phantom transactions can bog down systems and create backlogs that take time to work through.

The good news is that the integrity of the Bitcoin ledger is in no way compromised by the ongoing attacks. Bitcoin users may also be relieved to know that it's not hard for exchanges to update their systems to enable them to better withstand the attacks. Instead of relying on unconfirmed transaction records, Antonopoulos said, exchanges should trust transactions only after they have been entered into the official blockchain.
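As an added example (not code from the article, from Antonopoulos, or from any exchange), the toy model below shows the ledger failure described above and the fix it prescribes. A hot-wallet ledger that keys pending withdrawals on the pre-confirmation transaction id never sees that id confirm once a relayed copy with a different id is mined, concludes the withdrawal failed, and credits the customer back even though the coins left, which is the photocopied-receipt refund in the analogy. The hardened ledger identifies a withdrawal by the inputs it spends and the outputs it pays, which a re-encoded signature cannot change, and settles it only against confirmed transactions. The transaction fields, amounts and signature re-encoding are constructed for illustration, and identifying withdrawals by their spend rather than their id is an assumption added here beyond the article's advice to wait for confirmation.

```python
import hashlib
import json

# Added example, not code from the article or from any exchange. The transaction
# fields, amounts and the signature re-encoding below are constructed for
# illustration; txid() mirrors Bitcoin in hashing the whole serialized transaction.

SAMPLE_TX = {
    "inputs": ["utxo:f00d:0"],                        # constructed coin being spent
    "outputs": {"1CustomerAddr": 3, "1ExchangeChange": 7},
    "sig": "3045ab",                                  # constructed signature bytes
}

def txid(tx):
    """Transaction id: a hash over the whole serialized transaction, signature included."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).hexdigest()

def malleate(tx):
    """Stand-in for what a relaying third party can do: re-encode the signature so it
    still authorizes the same spend while the serialized bytes, and so the txid, change."""
    copy = dict(tx)
    copy["sig"] = tx["sig"] + "00"  # toy re-encoding; inputs and outputs untouched
    return copy

def spend_id(tx):
    """Identity that malleation cannot alter: which coins are spent and who is paid."""
    return json.dumps({"in": tx["inputs"], "out": tx["outputs"]}, sort_keys=True)

class Exchange:
    """Hot-wallet ledger for one customer. key='txid' tracks withdrawals by the
    pre-confirmation id (fragile); key='spend' tracks them by spend_id (hardened)."""

    def __init__(self, key, balance):
        self.key = key
        self.balance = balance   # customer's balance on the exchange
        self.pending = {}        # identity -> amount, awaiting confirmation
        self.refunded = 0        # total credited back as "failed" withdrawals

    def _ident(self, tx):
        return txid(tx) if self.key == "txid" else spend_id(tx)

    def withdraw(self, tx, amount):
        """Debit the customer and remember the broadcast withdrawal."""
        self.balance -= amount
        self.pending[self._ident(tx)] = amount
        return tx  # broadcast to the network

    def reconcile(self, confirmed_txs):
        """Settle pending withdrawals against what the blockchain actually confirmed."""
        confirmed = {self._ident(t) for t in confirmed_txs}
        for ident, amount in list(self.pending.items()):
            del self.pending[ident]
            if ident not in confirmed:
                # Never saw it confirm: treat as failed and credit the customer back.
                # With key='txid' this fires for a malleated copy even though the
                # coins really left the hot wallet, so the ledger is now out of sync.
                self.balance += amount
                self.refunded += amount
        return self.balance

def run(key):
    """One withdrawal of 3 from a balance of 10, confirmed on chain only as a
    malleated copy. Returns (customer balance after reconcile, amount refunded)."""
    ex = Exchange(key, balance=10)
    tx = ex.withdraw(SAMPLE_TX, 3)
    confirmed_on_chain = [malleate(tx)]  # the attacker's re-encoding is what got mined
    balance = ex.reconcile(confirmed_on_chain)
    return balance, ex.refunded

if __name__ == "__main__":
    print("txid-keyed ledger  (balance, refunded):", run("txid"))   # (10, 3): out of sync
    print("spend-keyed ledger (balance, refunded):", run("spend"))  # (7, 0): correct
```

The naive ledger ends with the customer holding 10 again while 3 coins are gone from the hot wallet; repeated at scale this is the reconciliation backlog the article describes. The hardened ledger never touches a balance on the strength of an unconfirmed id, and matches the confirmed transaction by what it spends.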